OWASP Vulnerable Web Applications Directory

An OWASP production project

A comprehensive registry of known vulnerable web and mobile applications for legal security testing and training.

CloudGoat

Rhino Security Labs' "Vulnerable by Design" cloud deployment tool. It offers CTF-style scenarios: create and complete scenarios in AWS (and Azure), explore the environment, identify vulnerabilities, and exploit them to reach the goal. The tool is modular; each scenario can be started, reset, or shut down independently.

Collections: offline, container
Technology: Python, AWS
Categories: CTF, Single-player
Author: Rhino Security Labs
Stars: 3627
Last contribution: Mar 20, 2026 (< 6mo)

Notes

Do not deploy in production or alongside sensitive resources. Requires Python 3.9+, Terraform, AWS CLI, Azure CLI (for Azure scenarios). Linux/macOS.
